Comments on IT Security Expert Blog: Cotton Traders: Where's the PCI DSS Compliance?
Blog author: SecurityExpert (http://www.blogger.com/profile/02816379340772195492)
Comment feed last updated 2024-03-13T13:04:53+00:00 (5 comments)

pci compliance (http://www.shearwater.com.au/services/pci-compliance/), 2012-04-26 00:13 +01:00:
It is certainly an issue of vulnerability wherein web applications are vulnerable to attacks. They stand to improve their security interface after this incident.

Anonymous, 2009-02-12 08:44 +00:00:
If rather than taking a payment online, I ask for card details, then generate an e-mail containing these card details in 128-bit encrypted form, and then finally at my end use my personal encryption key to unencrypt the card details in the e-mail, does this violate PCI DSS? My understanding is that PCI DSS applies to the storage of card details online, which I am trying to avoid.

Anonymous (John Cowell), 2008-09-25 14:54 +01:00:
It might be a coincidence, but we had our credit cards compromised at this time and they had to be re-issued with a new number. I feel that Cotton Traders have become complacent with their success, as I recently ordered shoes which were at least 3 sizes too small although they said size 9 on them; they refunded but refused to pay my return postage. Their quality has, in our opinion, gone right down and goods have been very much "Far East" in quality!
We have complained & cancelled their catalogues, but not a word of apology from them!!
John Cowell

SecurityExpert (https://www.blogger.com/profile/02816379340772195492), 2008-07-28 15:33 +01:00:
Any merchant handling less than 6 million transactions annually will need to complete the PCI DSS Self Assessment Questionnaire: https://www.pcisecuritystandards.org/saq/instructions.shtml But this is not so straightforward, as the security overhead to meet PCI DSS requirements (i.e. web app scanning) for a small self-run e-commerce website will be high.

So my recommendation is to outsource the payments to a third-party payment provider, which effectively outsources all of the expensive security requirements, including web security, as well as the actual PCI DSS compliance. As long as you don't handle any of the card payments anywhere else, you don't need to be PCI DSS compliant.

For example see PayPal - https://www.paypal.com/pcicompliance

Anonymous, 2008-07-23 19:03 +01:00:
If I operate a small ecommerce website that sells recurring subscriptions using a proprietary shopping cart, how do I go about getting PCI compliant without it costing me an arm and a leg? I assume PCI wasn't implemented to put small ecom operations out of business due to the high cost of becoming compliant. Thanks for any insight.